VIRUS PROTECTION AND REMOVAL IV
Safe Computing Practices (Safe Hex)
There are some common sense things you can do to help protect yourself against viruses and worms.
Outlook and Outlook Express

This page will hopefully clarify some of the noted confusion about the ability of Outlook and Outlook Express to interact with worms and viruses. In many ways it's a shame that Microsoft gave the programs such similar names. With different names, the confusion that currently seems to exist would not. Despite the similar names, Outlook and Outlook Express are two different programs with two different development histories.

The Outlook E-mail client was designed as a replacement for the mail clients MS Exchange and MS Mail. Basically, it's a shoehorn of an Internet mail client into the proprietary MS Mail/Exchange clients. Outlook Express was a rewrite and expansion of the Internet Email and News client that came with early Internet Explorer browsers (version 3 at least, not certain about version 2).

While Outlook 97 is a full OLE (MS Automation) client and server, it did not make methods for accessing the address book and sending mail available to external users (the external user was assumed to know the address it wanted to send mail to). Apparently finding this too restrictive, Microsoft, in Outlook 98, made these interfaces available to external users to work with (i.e., the external user no longer needed to know an E-mail address; they could use addresses stored by Outlook). It's this change that makes it possible for Outlook 98 (and later) to be used by virus/worm authors to do their E-mail tasks for them. There presently does not appear to be a way to use the Visual Basic Application language tools built into Outlook for macro virus purposes (as you can with Word and Excel) but future changes may allow this.

Outlook Express, unlike Outlook, does not presently make any of its mail routines available to MS Automation (at least in all present shipping versions--who knows what the future may bring).
So, in general, when you see a worm/virus description talk about "Outlook" you can generally assume it means the Outlook program and not the Outlook Express program. But, as with everything, there is at least one (and in the future more?) caveat. The KAK worm specifically targets Outlook Express by changing the default signature to one containing JavaScript code that acts as a worm. (This is a special case where it appears the worm author was trying to "infect" a program that was not supposed to be able to be infected.)
Disable Scripting
In order to run Visual Basic Scripts (VBS files) on your computer you must have the Windows Scripting Host (WSH) installed and working on your computer. While scripting allows you to closely integrate some application software, it also allows worms such as LoveLetter (as one example) to use your copy of Outlook to send itself to all the people in your address book (and other malicious things!). In order to avoid these sorts of attacks it's often best to just disable the Windows Scripting Host. Most people don't need/use it. Following are instructions for removing WSH.

Windows 98

Typically, WSH is installed if you choose a standard install of the OS, if you install the IE5 browser, or if you directly install WSH from Microsoft. To turn it off...
(Windows 98 is the only OS Computer Knowledge has tried this process on. Following are brief instructions believed to work for other operating systems.)

Windows 95

Basically, you have WSH installed if you've installed the IE5 browser or WSH itself. In order to stop it from running you have to disassociate the VBS extension from the WSH. Right click "My Computer" on the Desktop or in Windows Explorer. Select "Open." Click on the "View" menu and select "Options...." Now click on the "File Types" tab. Scroll down to "VBScript Script File" (if not found stop here and cancel out; you don't have scripting active). Click on the "VBScript Script File" and select "Remove." Confirm and then quit the File Types application.

Windows NT 4.0

Basically, you have WSH installed if you've installed the IE5 browser or WSH itself. In order to stop it from running you have to disassociate the VBS extension from the WSH. Log on as an administrator. Right click "My Computer" on the Desktop or in Windows Explorer. Select "Open." Click on the "View" menu and select "Options...." Now click on the "File Types" tab. Scroll down to "VBScript Script File" (if not found stop here and cancel out; you don't have scripting active). Click on the "VBScript Script File" and select "Remove." Confirm and then quit the File Types application.

Windows 2000

WSH is normally installed. In order to stop it from running you have to disassociate the VBS extension from the WSH. Log on as an administrator. Right click "My Computer" on the Desktop or in Windows Explorer. Select "Open." Click on the "View" menu and select "Options...." Now click on the "File Types" tab. Scroll down to "VBScript Script File" (if not found stop here and cancel out; you don't have scripting active). Click on the "VBScript Script File" and select "Remove." Confirm and then quit the File Types application.
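One way to check the result of the procedure above on a Windows system that has PowerShell (an added example, not part of the original tutorial): it reads the file-type association from the registry and flags script extensions whose Open command is still WScript.exe or CScript.exe. The function name Get-ScriptHostAssociation and the extensions other than .vbs are assumptions made for illustration.

```powershell
# Added example: report which script extensions still open with Windows Script Host.
# The extension list is an assumption; the tutorial itself only discusses .vbs.
$ScriptExtensions = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'

function Get-ScriptHostAssociation {
    param([string[]]$Extension = $ScriptExtensions)

    foreach ($ext in $Extension) {
        $result = [pscustomobject]@{
            Extension = $ext
            ProgId    = $null   # file type name, e.g. the "VBScript Script File" type
            Command   = $null   # command line registered for the Open verb
            UsesWSH   = $false
        }

        # The default value of HKCR\<ext> names the file type (ProgID).
        # A missing key means the extension is not associated at all.
        $extKey = "Registry::HKEY_CLASSES_ROOT\$ext"
        if (Test-Path -LiteralPath $extKey) {
            $result.ProgId = (Get-ItemProperty -LiteralPath $extKey).'(default)'
        }

        if ($result.ProgId) {
            # The file type's shell\open\command holds the Open verb's command line.
            $cmdKey = "Registry::HKEY_CLASSES_ROOT\$($result.ProgId)\shell\open\command"
            if (Test-Path -LiteralPath $cmdKey) {
                $result.Command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            }
        }

        # WScript.exe and CScript.exe are the two Windows Script Host executables.
        if ($result.Command -match '\b(wscript|cscript)\.exe\b') {
            $result.UsesWSH = $true
        }

        $result
    }
}

# Extensions with UsesWSH = True still run in WSH when opened.
Get-ScriptHostAssociation | Format-Table -AutoSize
```

This reads the merged HKEY_CLASSES_ROOT view only; it does not inspect per-user "Open with" choices stored elsewhere in the registry.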
Backup Strategy
Too many people wait for a problem to happen or a virus to attack their PC before they take any action. Once a virus reveals its presence on your PC, it may be too late to recover damaged files. There are many viruses that cannot be successfully removed due to the way the virus infects the program. It's absolutely vital to have protection before the virus strikes. If you wait until you notice that your hard disk is losing data, you may already have hundreds of damaged files.

And, don't forget problems caused by hardware or software glitches. A good backup is excellent protection against those unscheduled events as well.

It's essential to carefully protect all your software and regularly back up the data on all your disks. Do you have a single disk that you can afford not to regularly back up? It's rare to find any PC that does not have some type of important data stored on it (why would you store it if you at least didn't feel it was important at the time?).

Suggested Policy
When you store your backup use great caution where you store it. Pick a place that will be safe as a physical location. Plan ahead for flood, for example. Don't store your backups in the basement if your business is next to a river! Plan ahead for fire; and if the location is protected by sprinklers what will the water do to the backups? What about physical access? And, so on.

Summary
That's basically the end of the tutorial. Thank you for reading to this point. But, that's only the start of virus information...
On-going Virus Information
The first place to check often is the web site of your anti-virus provider. There you should find alerts for the latest viruses, information about using their product in the most efficient manner, and, of course, the latest updates. Often you will also find you can join a mailing list and receive upgrade and alert notices automatically via E-mail.

You can also check other anti-virus software vendor sites for their latest alerts and, if you have time and bandwidth to spare, join their mailing lists as well. (The link to your left will direct you to a list of some anti-virus software vendors.)

Also, don't forget to check the Computer Knowledge site. Our monthly newsletter often has notes about new viruses and other security items you should be aware of.

There are several Usenet newsgroups dedicated to computer viruses. Of these, comp.virus is the best, largely because it is moderated by virus experts so the trash postings are suppressed. Unfortunately, the moderator(s) have not been able to process messages very often and so the newsgroup has been quiet for a long time now. The alt.comp.virus newsgroup is quite active as an alternative but there are a considerable number of posts in the group that offer either no benefit or are just plain wrong. Use caution if you read alt.comp.virus or any of the other related alt groups.

There are many more sources of information listed in the alt.comp.virus FAQ. It's posted regularly to alt.comp.virus and comp.virus and is available on the web at:

Specific Virus Descriptions

Some anti-virus vendor sites have databases describing specific viruses in varying detail. Check the FAQ link just above for some links or check the AVP, Data Fellows, Symantec, and McAfee vendor sites (click on the anti-virus software link). Different vendors sometimes have different names for the same virus. If you can't find a particular virus on one site, check another.
You can also check the Virus GREP database which attempts to cross reference all the different virus names. See:

Books

Books which may be of use (a few of these are somewhat dated but still of some value for learning the basics):
Web Page Designed By ADAM